Re: (ITS#6471) dynlist overlay only acknowledging last dynlist-attrset statement
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#6471) dynlist overlay only acknowledging last dynlist-attrset statement
- From: j@gropefruit.com
- Date: Sat, 13 Feb 2010 22:35:14 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
First of all, I am paraphrasing. No one is hiding anything from you, Pierre. You need only ask.
> It is supposed to be a bug. It's also the reason I asked from the
> beginning to see the real configuration, real data and real operation
> causing the issue. If you keep hiding essential details, and only provide
> bits of information each time, it'll take ages to just discover where the
> issue is.
> So now the only way to keep this ITS open is to see your ENTIRE slapd.conf
> (except passwords, of course). An even better alternative would be to
> receive a sanitized slapd.conf, a LDIF and a search operation based on
> ldapsearch that clearly illustrates the issue, like what I posted a couple
> of postings ago.
Here is the entire sanitized config. I left out the ACL file (the include statement at the very end), but the behavior in question was happening to the rootdn user as well, meaning ACLs weren't the culprit. I also removed 14 of the 15 syncrepl stanzas for brevity, as they were all the same aside from hostname/IP.
NOTE the sections labeled WORKS HERE and BROKEN HERE, which mark the current (functional) position and the original (dysfunctional) position, respectively.
######
# Global section of the reporter's sanitized slapd.conf, shown as archived.
# The archive kept the mail's quoted-printable encoding: "=3D" stands for "=",
# a trailing "=" is a soft line break and "=20" is a trailing space. The
# indentation of continuation lines appears to have been lost as well.
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/openldap.schema
include /etc/ldap/schema/duaconf.schema
include /etc/ldap/schema/dyngroup.schema
include /etc/ldap/schema/ppolicy.schema
include /etc/ldap/schema/sudo.schema
include /etc/ldap/schema/dhcp.schema
include /etc/ldap/schema/samba.schema
include /usr/share/doc/libpam-ldap/ldapns.schema
include /etc/ldap/schema/hdb.schema
include /etc/ldap/schema/uber.schema
include /etc/ldap/schema/nisdomainobject.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
tool-threads 4
# Logs connection/operation statistics and syncrepl activity.
loglevel stats stats2 sync
## Modules/Overlays
modulepath /usr/lib/ldap
moduleload back_hdb
moduleload back_monitor.la
moduleload syncprov
moduleload accesslog
moduleload dynlist.la
serverID 100 ldap://10.94.100.100:3890/
# Server certificate, private key and CA bundle. The key file should be
# readable by the slapd service account only.
TLSCertificateFile /etc/ldap/ssl/wildcard.example.com.crt
TLSCertificateKeyFile /etc/ldap/ssl/wildcard.example.com.key
TLSCACertificateFile /etc/ssl/certs/ca-example.cert
# never: the server does not ask clients for a certificate, so clients are
# identified by their bind credentials or SASL identity only.
TLSVerifyClient never
## Limits, Mandates & Allowances
# Anonymous binds are refused.
disallow bind_anon
# No server-side cap on result size or search time for any bound identity, so
# one broad search can tie up the server. Per-identity "limits" rules are the
# usual way to lift the caps for replication accounts only.
sizelimit unlimited
timelimit unlimited
# Decoded: "security tls=0". A required TLS strength factor of 0 means TLS is
# not demanded of clients, so simple binds can reach the server in cleartext
# unless every client uses StartTLS or ldaps.
# NOTE(review): confirm this is intended and not a leftover from debugging.
security tls=3D0
# Subschema and the root DSE are readable by authenticated users only.
access to dn.subtree=3D"cn=3DSubschema"
by users read
access to dn.base=3D""
by users read
defaultSearchBase dc=3Dexample,dc=3Dcom
sasl-realm EXAMPLE.COM
sasl-host ds.example.com
# Maps GSSAPI identities in the EXAMPLE.COM realm to DNs under
# cn=plain,cn=auth. NOTE(review): the capture "(.*)" is greedy and can span
# commas; "([^,]*)" is the tighter form for a single uid value.
authz-regexp "uid=3D\(.*\),cn=3DEXAMPLE.COM,cn=3Dgssapi,cn=3Dauth"
"uid=3D$1,cn=3Dplain,cn=3Dauth,dc=3Dexample,dc=3Dcom"
backend hdb
########### Monitoring Database - For slapd/hdb performance data
database monitor
rootdn uid=3Dmonitor,cn=3Dmonitor
# Salted SHA-1 hash, value elided by the reporter. A rootpw stored in
# slapd.conf makes read access to this file equivalent to rootdn access.
rootpw {SSHA}....
# Only members of the ldapadmin group may read cn=monitor; no other "by"
# clause is given.
access to dn.subtree=3D"cn=3Dmonitor"
by =
group/groupOfUniqueNames/uniqueMember=3D"cn=3Dldapadmin,cn=3Dldap,cn=3Dgro=
ups,dc=3Dexample,dc=3Dcom" read
########### Example Log
# Database that stores the accesslog records; the accesslog overlay on the
# dc=example,dc=com database names it with "logdb cn=examplelog".
database hdb
suffix cn=3Dexamplelog
rootdn "uid=3Dlog,cn=3Dexamplelog"
# Hash elided by the reporter.
rootpw {SSHA}....
directory /var/lib/ldap/examplelog
index reqStart,objectClass,entryCSN,reqResult eq
dbconfig set_cachesize 0 4097152 0
dbconfig set_lg_regionmax 1048576
dbconfig set_lg_max 1048576
dbconfig set_lg_dir /var/lib/ldap/examplelog
# NOTE(review): /tmp is normally shared and world-writable; a directory owned
# by the slapd account is the safer place for Berkeley DB temporary files.
dbconfig set_tmp_dir /tmp
# syncprov on the log database lets consumers replicate the log itself.
overlay syncprov
syncprov-nopresent TRUE
syncprov-reloadhint TRUE
# The log records written attribute values (and, with logold, old entry
# contents), so it can hold password hashes and other sensitive data. Read
# access is limited here to the ldapadmin group.
access to dn.subtree=3D"cn=3Dexamplelog"
by =
group/groupOfUniqueNames/uniqueMember=3D"cn=3Dldapadmin,cn=3Dldap,cn=3Dgro=
ups,dc=3Dexample,dc=3Dcom" read
########### Example.Com
# Main directory database. Its ACLs live in the included file at the end of
# this section, which the reporter did not post.
database hdb
idlcachesize 4000
suffix "dc=3Dexample,dc=3Dcom"
checksum
checkpoint 10 1
cachefree 20
rootdn "uid=3Drootdn,cn=3Dplain,cn=3Dauth,dc=3Dexample,dc=
=3Dcom"
# Hash elided by the reporter. The rootdn bypasses ACLs, which is why the
# reporter rules out ACLs as the cause of the dynlist behaviour.
rootpw {SSHA}....
monitoring on
lastmod on
directory "/var/lib/ldap/example"
dncachesize 1000
dbconfig set_cachesize 1 0 2
dbconfig set_lg_max 10485760
dbconfig set_lg_regionmax 40485760
dbconfig set_flags db_log_autoremove
dbconfig set_lg_bsize 20971520
dbconfig set_lk_max_objects 5500
dbconfig set_lk_max_locks 5500
dbconfig set_lk_max_lockers 5500
index objectClass eq =20
index entryCSN,entryUUID eq =20
index cn,uid,memberUid eq
index uidNumber,gidNumber eq
###############
### WORKS HERE
# Position in which the reporter says both dynlist-attrset lines take effect:
# dynlist is declared before syncrepl and the syncprov/accesslog overlays.
overlay dynlist
dynlist-attrset groupOfURLs memberURL memberUid
dynlist-attrset posixGroup memberURL memberUid:uid
## There were 15 of these, removed 14 for brevity.
# Consumer side of the mirror-mode replication. "starttls=yes" is not
# "critical": if the StartTLS request fails the session continues without TLS,
# and with bindmethod=simple the bind DN and password then cross the network
# in cleartext. "credentials=password" is presumably a sanitization
# placeholder. schemachecking=off means replicated entries are stored without
# schema enforcement on this consumer.
syncrepl rid=3D001
provider=3Dldap://10.94.100.100:3890/
starttls=3Dyes
bindmethod=3Dsimple
binddn=3D"uid=3Dsyncrepl,cn=3Dplain,cn=3Dauth,dc=3Dexample,dc=3Dcom"
credentials=3Dpassword
scope=3Dsub
filter=3D"(objectClass=3D*)"
schemachecking=3Doff
searchbase=3D"dc=3Dexample,dc=3Dcom"
attrs=3D"*,+"
retry=3D"12 +"
sizelimit=3Dunlimited
timeout=3D20
type=3DrefreshAndPersist
mirrormode true
overlay syncprov
syncprov-sessionlog 10
syncprov-checkpoint 1 5
# Records successful write operations in cn=examplelog. logold with
# (objectclass=*) also stores the previous contents of every modified or
# deleted entry; entries are purged after 7 days, checked every 2 days.
overlay accesslog
logdb cn=3Dexamplelog
logops writes
logold (objectclass=3D*)
logpurge 7+00:00 2+00:00
logsuccess TRUE
##################
### IS BROKEN HERE
# Original position, after syncrepl and the other overlays, in which the
# reporter says only the last dynlist-attrset line was honoured. Both
# positions are shown in the posting for comparison; presumably only one was
# active at a time.
overlay dynlist
dynlist-attrset groupOfURLs memberURL memberUid
dynlist-attrset posixGroup memberURL memberUid:uid
# ACL file omitted from the posting, so the effective access rules for
# dc=example,dc=com cannot be judged from this listing.
include /etc/ldap/acls